About that Toaster with the Gambling Problem

January 12, 2018

Vaughan Emery

While I wish him a long and productive career in his field of electrical and computer engineering, Andrew Miller, Assistant Professor at the University of Illinois, Urbana-Champaign, has already achieved fame for a simple tweet he sent back in 2015, providing his concise description of the IoT: “The Internet of Things is when your toaster mines Bitcoins to pay off its gambling debts to the fridge.”

‍

Professor Miller’s widely circulated quote has great humor, but it is also insightful with its references to IoT devices interacting and conducting microtransactions using a cryptocurrency. Rapid growth in device-to-device commerce – powered by cryptocurrency – is anticipated.

‍

As the IoT becomes more robust, so will the interactions between devices, including the need for devices to autonomously conduct transactions – such as a device in the field negotiating for and purchasing (with digital tokens) bandwidth or electric power.

‍

Preparing for the Age of Autonomy (and Atonomi)

‍

Several have written about a rapidly approaching “Age of Autonomy.” An article in Venturebeat described the inevitability of autonomous devices this way: “Objects you’ve never even considered will become smart devices – dog collars, coffee makers, windows. That’s billions of devices and trillions of sensors, too many to manage through human manipulation or the stimulus-response commands of the past. It will become a practical necessity for devices to operate autonomously.”

‍

That last sentence deserves repeating:“It will become a practical necessity for devices to operate autonomously.”

‍

There are already billions of IoT devices functioning in the world. Gartner estimates that more than 5 million new devices come on line each day. And that by 2020 we will be up to some 20 billion IoT devices. Devices will become increasingly interconnected, including executing business flow logistics and purchasing. This means billions of devices engaged in trillions of transactions.

‍

With a potential attack surface that vast, the world needs new ways of providing security – including through establishing immutable identity for a device, validating a device’s provenance, and tracking its operational reputation to detect behavioral changes that could indicate a compromised device.

‍

When a Toaster Pops

‍

Protecting the IoT is best accomplished with a layered approach, validating security at different points of a device’s lifecycle. Identity is foundational to security. When a new device is introduced to the network – say that brand new toaster that has never gambled a day in its life – it should be able to prove its provenance with a crypto key pair that matches a manufacturer’s whitelist of devices. This helps ensure the device is legitimate and hasn’t been tampered with pre-deployment. With root of trust established, the device’s identity can be registered to the blockchain.

‍

We believe a critically important additional layer of security can be provided through ongoing reputation auditing and ranking. Reputation can be based upon a spectrum of metrics, including machine learning of behavioral history and auditing by incentivized auditors. All of this can help detect when a good device goes bad.

‍

Tracking behavioral changes through reputation can provide early warning when an industrial pump – perhaps newly infected with malware – attempts to perform out-of-character operations or to connect to systems it normally wouldn’t touch.

‍

And reputation auditing would let you see when that kitchen toaster starts connecting to online betting sites to place wagers with your risk-taking fridge.

‍

We believe that IoT can never reach its full potential without an independent service that establishes immutable identity, handles reputation and trust, and allows autonomous devices to exchange payment for services.